Why not just store your passwords in an zip and give it a strong password?
I feel like none of these password managers can be trusted to not be compromised.
Wouldn't it be safer to just keep a zip on a usb key or two?
Password Managers
can you trust the zip you just made?
WRITE YOUR OWN
I agree with you. I use a plain text file that I encrypt with gpg. This way is simple, secure, and works everywhere my gpg key goes without the need to install extra software.
This is what pass does.
what about masterpass? seems pretty safe to me
No, pass stores whatever plain texts you want as PGP encrypted files, which is far better than OP's silly idea of zipping shit just so you can password it, it's also way simpler to use.
is something wrong with keepassx2?
Yes. If you got malware, it would know where to look for password, read them from memory if keypass software is running
But if you store in zipped text, how would malware know that there are passwords there? And not just random text?
If a malware can be designed to recognize Keepass, it can also be designed to recognize Pass.
If you zip a text file the text file is on the harddrive and can be recovered unless overwritten which is fuck unlikely on a 200GiB SSD and nearly impossible on a 2tB HDD. So packing them in a zip file and deleting the txt is the same as storing them unencrypted with the difference that a 10 year old woin't find it. Password managers suck:
1. pw has a known path
2. encryption is questionable
3. pw manager has to be trustworthy
If you want to store your passwords on a computer use a truecrypt container.
1. Create a truecrypt volume.
2. Create a text file (any or no extension) in it
3. DON'T USE NOTEPAD++ OR DISABLE THE BACKUP FUNCTIONS OTHERWISE THE TXT WILL BE BACKUPED IN APPDATA (((UNENCRYPTED)))!
Because a password manager is more comfy than a ZIP file.
Nah, just a password manager that doesn't store passwords.
*A PLAIN TEXT FILE NOT SOME FUCKING DOCUMENT
I must be missing some subtle ironic humor here.
www.passwordstore.org/
I used to use pass back in its early days when it wasn't yet in the Gentoo repos. I actually wrote a patch to make it work with gpg1 because Gentoo is retarded and doesn't let you install gpg1 and gpg2 on the same system, but never shared it with anybody. I decided it was less work to manipulate the files by hand than to maintain the patch. Most operations need almost exactly the same amount of command input, anyway.
No.
Using factorization-based encryption schemes for password stores is future proof for probably another decade (despite NSA already discouraging use of Suite B in favour of anti-Shor/anti-quantum encryption), but most current symmetric crypto will last far longer than that.
It'd be more reasonable for pass to utilize standard symmetric crypto.
Encryptr.
kek.
I just remember my passwords. I've never got hacked.
Password managers are trying to solve a problem that doesn't exist.
Why use pass, rather than a single .txt file encrypted/decrypted on demand by GPG?
Pass seems a little more complex.
Redpill me, /tech
Why shouldn't I just use Firefox to store my passwords?
It's not easy to recover the password that you've entered.
Unless you have some way to transfer your Firefox profile (Firefox Sync), even starting a brand new profile on the very same computer means you will lose your passwords.